Redirect anonymous users away

It makes no sense to let anonymous users interact with the admin
pages so tighten up access and redirect away users that have no
rights.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>

1 files changed, 4 insertions, 1 deletions

diff --git a/ipsilon/admin/login.py b/ipsilon/admin/login.py
index bb79f90..16489f1 100755
--- a/ipsilon/admin/login.py
+++ b/ipsilon/admin/login.py
@@ -19,7 +19,7 @@
 
 import cherrypy
 from ipsilon.util.page import Page
-from ipsilon.util.page import admin_protect
+from ipsilon.util.page import admin_protect, auth_protect
 from ipsilon.util.plugin import PluginObject
 from ipsilon.admin.common import AdminPluginPage
 from ipsilon.login.common import FACILITY
@@ -144,9 +144,11 @@ class LoginPlugins(Page):
                               enabled=ordered,
                               menu=self._master.menu)
 
+    @auth_protect
     def root(self, *args, **kwargs):
         return self.root_with_msg()
 
+    @admin_protect
     def enable(self, plugin):
         msg = None
         plugins = self._site[FACILITY]
@@ -161,6 +163,7 @@ class LoginPlugins(Page):
         return self.root_with_msg(msg, "success")
     enable.exposed = True
 
+    @admin_protect
     def disable(self, plugin):
         msg = None
         plugins = self._site[FACILITY]